Cisco Secure Firewall Threat Defense Virtual Install – How to Tutorial

In this tutorial, the Cisco Secure Firewall Threat Defense Virtual appliance is deployed on an ESXi host. I will go step by step through both types of management – locally and remotely with FMC. These steps can also be used for a production environment install.

 

This tutorial is a remake of my Firepower Threat Defense Virtual Install tutorial, made after Cisco renamed the product line at the end of 2021.

 

Cisco states:

“Part of simplifying our portfolio involves the renaming of our security products under one brand, Cisco Secure. Being clear and outcome-focused, this change simplifies communication and will improve everyone’s understanding of how each product secures and protects within the Cisco Secure portfolio. For now, all products will include mention of the former names to easily recognize them during the transition”

 

more about Cisco Secure portfolio naming Architecture

 

learn more about FTD in Datasheet:

Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) Data Sheet

 

Prerequisites:

Network Diagram:

1. Download the Secure Firewall Threat Defense Virtual

Download the Secure Firewall Threat Defense Virtual image for VMware ESXi from Cisco.com, and save it to your local computer:

 

https://software.cisco.com/download/home/286306503/type/286306337/release/7.2.0

 

Note:

A Cisco.com login and Cisco service contract are required.

2. Create VMware Virtual Machine

 
The FTDv supports performance-tiered licensing that provides different throughput levels and VPN connection limits based on deployment requirements.
 
Minimal Hardware Requirements for FTD Virtual Appliance:
Performance Tier: FTDv5, 100Mbps
CPU Cores: 4
 
For test-lab purposes the minimal configuration will be used. It does not need to be prepared in advance for the VM, because the virtual machine is deployed from an OVF file that includes a deployment template.

2.1 In VMware ESXi Web interface select “Create/Register VM”.

2.2 Select “Deploy a virtual machine from an OVF or OVA file”. Select Next.

2.3 Enter the name for the FTD appliance, “Cisco-ftd1”. Select or drag and drop the .vmdk file and the ESXi .ovf file. Select Next.

 

Note:

If you are deploying in vCenter, use the VI .ovf file.

2.4 Choose your Datastore. Select Next.

2.5 Configure your Network interface mappings and Deployment Type (according to your license / performance tier)

 

“Management0-0” – function Management (lab_mgmt1)

“Diagnostic” – function Diagnostic (lab_lan2)

“GigabitEthernet0-0” – function Outside Data (lab_wan1)

“GigabitEthernet0-1” – function Inside Data (lab_lan1)

“GigabitEthernet0-[2..7]” – function Data traffic (optional)

 

more about Deployment options in Cisco Documentation – step 12

Deploy the Secure Firewall Threat Defense Virtual to a vSphere ESXi Host

 

Select Deployment type: 4 Core / 8 GB

more about Deployment type in Cisco Documentation – “Table 2. Performance Tiers”:

System Requirements

 

Disk Provisioning: Thin

more about VMware ESXi disk provisioning

 

Select Next.

2.6 Review your configuration before finishing the wizard. Select Finish.

3. Complete the FTD setup using CLI

3.1 Open the VMware console and log in with the default credentials admin/Admin123. Press Enter to display the EULA, then press Enter to accept it.

3.2 Enter a new admin password.

3.3 Configure network

 

Do you want to configure IPv4: y

Do you want to configure IPv6: n

Configure IPv4 via DHCP or manually: manual

Enter IPv4 address for the management interface: 172.21.1.41

Enter IPv4 netmask for the management interface: 255.255.255.0

Enter the IPv4 default gateway for the management interface: 172.21.1.1

Enter a fully qualified hostname for this system: ftd1

Enter a comma-separated list of DNS servers or ‘none’: 172.21.1.1, 8.8.8.8

Manage the device locally? yes

 

Note:

To manage the device locally with Secure Firewall Device Manager (included in the FTD system), choose yes.

To manage it remotely with Secure Firewall Management Center (an additional standalone product), choose no and go directly to Step 6 – Remotely managed FTD with FMC.

3.4 Initial configuration successfully performed.

4. Basic Secure Firewall Device Manager configuration

4.1 Log in to FDM with your account.

4.2 Configure Outside Interface Address

 

Configure IPv4: Manually input

IPv4 Address: 172.16.1.41

Network Mask: 255.255.255.0

Gateway: 172.16.1.1

 

Select Next.

4.3 Configure Time Setting. Select Next.

4.4 Choose license model or continue with evaluation period. Choose Performance Tier. Select Finish.

 

more about FTD Performance Tiers.

4.5 Choose “Standalone Device” unless you want to manage the device from the cloud. Select Got it.

4.6 Select “View All Interfaces”

4.7 Select edit button on GigabitEthernet0/1 (inside interface)

4.8 Configure inside network interface.

 

IP Address: 10.0.1.1

Netmask: 255.255.255.0

 

Disable DHCP Server (unless you want to use DHCP Service on the FTD), Select Delete.

Are you sure you want to delete this DHCP Server? Select Ok.

Acknowledge interface configuration, Select Ok.

5. Basic Policy configuration with FDM

5.1 Select “Policies” Tab – Access Control.

 

Configure the policy according to your needs. (In this example, the default rule with action “Allow”.)

 

Note:

Trust – Allow traffic without further inspection of any kind.

Allow – Allow the traffic subject to the intrusion and other inspection settings in the policy.

Block – Drop the traffic unconditionally. The traffic is not inspected.

 

more about Configuring the Access Control Policy

5.2 Deploy pending changes. Select Deploy. Select Deploy now

At this point we have a functional, locally managed Cisco Secure Firewall Threat Defense with a basic configuration, already processing traffic and ready for advanced configuration in FDM – Secure Firewall Device Manager.

 

Cisco Secure Firewall Threat Defense Configuration Guide for Firewall Device Manager

6. Remotely managed FTD with FMC

 
If you answered no to “Manage the device locally? (yes/no):” in Step 3.3, continue with this chapter to register the FTD appliance with the FMC appliance.
 
 
more about

6.1 Manage the device locally? (yes/no): no

6.2 Configure firewall mode. Enter routed.

6.3 Configure Registration Key for the FMC

 

configure manager add 172.21.1.40 MyRegistrationKey

6.4 Log in to your FMC and Select Devices – Device Management.

 

Note:

If you are using Evaluation License then in popup window select “Start 90-day evaluation period without registration.”

6.5 Select Add – Device.

6.6 Add the ftd1 device.

 

Host: 172.21.1.41

Display Name: ftd1

Registration Key: MyRegistrationKey

Group: None

Performance Tier: FTDv5 – Tiered (Core 4 / 8 GB)

Transfer Packets: Checked

 

Select under Access Control Policy – Create new policy

6.7 Create Policy

 

Name: ftd1_policy

Default Action: Block all traffic

 

Select Save. Select Register.

6.8 FTD Appliance “ftd1” is successfully registered to the FMC. Select ftd1 – Edit

 

more about Configure, Verify and Troubleshoot Firepower Device Registration

 

Note:

The red exclamation mark will disappear once the Threat Data Updates have been downloaded successfully from the Cisco Cloud; a green OK icon is shown instead.

6.9 Configure ftd1 Interfaces

GigabitEthernet0/0

General / 

Logical Name: wan1

Enabled: check

Security Zone: External

IPv4 /

IP Address: 172.16.1.41/24

GigabitEthernet0/1

General / 

Logical Name: lan1

Enabled: check

Security Zone: Internal

IPv4 /

IP Address: 10.0.1.1/24

 

Click “Save”
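The registration key from steps 6.3 and 6.6 is the shared secret that pairs the FTD with the FMC, so a random value is preferable to a memorable one such as the sample key used above. The following is an added example, not part of the original tutorial or of Cisco's tooling: it generates a key, checks it, and builds the CLI line from step 6.3. Assumptions: the key format limits (at most 37 characters; letters, digits and hyphen), the 16-character minimum, and all function names are chosen for this sketch.

```python
import ipaddress
import re
import secrets
import string

# Assumed key format (verify for your release): 1-37 characters, letters,
# digits and hyphen. The 16-character minimum is a local policy choice.
REG_KEY_RE = re.compile(r"[A-Za-z0-9-]{1,37}")
ALPHABET = string.ascii_letters + string.digits
MIN_LEN = 16


def check_reg_key(key: str) -> list:
    """Return the problems found in a proposed key (empty list = acceptable)."""
    problems = []
    if not REG_KEY_RE.fullmatch(key):
        problems.append("must be 1-37 characters from A-Z, a-z, 0-9 and '-'")
    if len(key) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if key.isalpha() or key.isdigit():
        problems.append("single character class, looks hand-picked")
    return problems


def generate_reg_key(length: int = 32) -> str:
    """Draw keys from the OS CSPRNG until one passes check_reg_key()."""
    if not MIN_LEN <= length <= 37:
        raise ValueError(f"length must be between {MIN_LEN} and 37")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_reg_key(key):
            return key


def manager_add_command(fmc_ip: str, key: str) -> str:
    """Build the FTD CLI line from step 6.3 (IP literals only in this sketch)."""
    ipaddress.ip_address(fmc_ip)  # raises ValueError on a malformed address
    problems = check_reg_key(key)
    if problems:
        raise ValueError("; ".join(problems))
    return f"configure manager add {fmc_ip} {key}"


if __name__ == "__main__":
    key = generate_reg_key()
    # 172.21.1.40 is the FMC address used in this tutorial.
    print(manager_add_command("172.21.1.40", key))
    print("Use the same value as the Registration Key in step 6.6.")
```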

7. Basic Policy configuration with FMC

7.1 Select Policies – Access Control – edit Policy

7.2 Add Rule(s)

 

For test purposes I will add an icmp test rule.

Zones \

Name: icmp

Source Zone: Internal

Destination Zone: External

Applications \ icmp

7.3 Save and Deploy Policy

The Cisco Secure Firewall Threat Defense Virtual (FTDv) appliance is successfully registered to Cisco Secure Firewall Management Center (FMC) and is ready for further configuration.
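How the two policies built in this tutorial treat the same traffic, as an added example that is not part of the original tutorial: a simplified first-match model of the Trust/Allow/Block actions listed in step 5.1. Assumptions: the FDM policy is modelled as an empty rule list with default action Allow, the icmp rule from step 7.2 uses action Allow, and the sample connections are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model: rules are checked top-down, the first match wins, and the
# policy's default action handles everything no rule matched.
INSPECTED = {"Trust": False, "Allow": True, "Block": False}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "Trust", "Allow" or "Block"
    src_zone: Optional[str] = None    # None matches any zone
    dst_zone: Optional[str] = None
    app: Optional[str] = None         # None matches any application

    def matches(self, src: str, dst: str, app: str) -> bool:
        return (self.src_zone in (None, src)
                and self.dst_zone in (None, dst)
                and self.app in (None, app))


def _verdict(action, name):
    passed = action in ("Trust", "Allow")
    return ("pass" if passed else "drop", name, INSPECTED[action])


def evaluate(rules, default_action, src, dst, app):
    """Return (verdict, matching rule name, inspected?) for a new connection."""
    for rule in rules:
        if rule.matches(src, dst, app):
            return _verdict(rule.action, rule.name)
    return _verdict(default_action, "default action")


# Step 5.1 (FDM): modelled as no specific rules, default action Allow.
FDM_POLICY = ([], "Allow")
# Steps 6.7 and 7.2 (FMC): one icmp rule (action Allow assumed), default Block.
FMC_POLICY = ([Rule("icmp", "Allow", "Internal", "External", "icmp")], "Block")

# Constructed samples (source zone, destination zone, application); each is a
# new connection, not a reply belonging to an existing one.
SAMPLES = [("Internal", "External", "icmp"),
           ("Internal", "External", "https"),
           ("External", "Internal", "icmp")]

if __name__ == "__main__":
    for label, (rules, default) in (("FDM", FDM_POLICY), ("FMC", FMC_POLICY)):
        for conn in SAMPLES:
            print(label, conn, evaluate(rules, default, *conn))
```

With default action Allow every sample passes; with default action Block only the Internal-to-External icmp connection does.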

 

In this tutorial I described all the necessary steps for the FTD virtual machine install and its configuration, for a locally managed FTD as well as an FTD remotely managed by FMC. After installation and configuration of the FTD, a basic test firewall policy was configured.

 

more about Access Control Policies